CVE-2023-30949

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 4.3

CVSS3: 5.3

EPSS Низкий

Описание

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

Ссылки

https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc
Vendor Advisory
https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:palantir:slate:*:*:*:*:*:*:*:*

Версия до 6.207.0 (исключая)

EPSS

Процентиль: 25%

0.00085

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-1173

CWE-346

Связанные уязвимости

GHSA-qg9q-66vx-29vw

CVSS3: 4.3

github

больше 2 лет назад

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

EPSS

Процентиль: 25%

0.00085

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-1173

CWE-346